Slow PC
Hello,
Could you help me? My PC is brutally slow; the browser is probably the worst affected.
I'm attaching the FRST log.
Re: Slow PC
Good day.
Download the AdwCleaner tool to your desktop; the download link is here: https://filehippo.com/download_adwcleaner/74895/
Before launching the tool, close all running program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, including any threats found, and continue with the Clean and Repair button in the lower right corner.
After the PC restarts, AdwCleaner will launch; click Zobrazit soubor protokolu (View log file).
The log will open; copy its contents here.
► My new book BOTNETY has been released! Information about it can be found here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
► Low-level, high-level programmer - profile card here: card <<
----
► Háveťárna - malware UPLOAD: >> upload <<
---
► If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.
On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit
Re: Slow PC
Log here:
# AdwCleaner v6.046 - Logfile created 05/07/2019 at 10:01:53
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Local]
# Operating System : Windows 7 Professional N Service Pack 1 (X64)
# Username : Michal - MICHAL-PC
# Running from : C:\Users\Michal\Desktop\adw\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
[-] Service deleted: DrvAgent64
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\VbGUI.cToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\VbGUI.cToolbarHost
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\VbGUI.cToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\VbGUI.cToolbarHost
[-] Key deleted: HKU\S-1-5-21-2180884660-450883477-2478548842-1000\Software\eSupport.com
[#] Key deleted on reboot: HKCU\Software\eSupport.com
[#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2699 Bytes] - [29/10/2017 20:18:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [1339 Bytes] - [05/07/2019 10:01:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [2796 Bytes] - [29/10/2017 20:17:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [1668 Bytes] - [05/07/2019 09:16:33]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1558 Bytes] ##########
Re: Slow PC
Please post new logs from FRST + ADDITION.
Re: Slow PC
Uninstall McAfee.
Copy the content below into Notepad.
Save the Notepad file under the name fixlist.txt in the location where FRST is, choosing UTF-8 as the encoding (copy into Notepad -> File -> Save as -> Encoding: select UTF-8 -> save).
Run FRST and click the Fix button.
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.
Code:
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {430392D6-18CD-4199-8851-CAB5407D6820} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {BC587310-D6AF-4510-A616-B3F7718A1E9F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
FF Extension: (No Name) - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\jo0mc75n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-21]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe" [X]
S3 cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
Shortcut: C:\Users\Michal\Desktop\programi\Моzillа Firеfох.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
AlternateDataStreams: C:\ProgramData\TEMP:15B79D44 [139]
AlternateDataStreams: C:\Users\Michal\Desktop\pot2.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Michal\Desktop\pot2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Michal\Desktop\potvrdenie.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Michal\Desktop\potvrdenie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{06885066-EAD1-4E28-9D0F-97443AF7424D}] => (Allow) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe No File
FirewallRules: [{FA2D92B7-6A10-4429-AB46-5DCD2D37CE86}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{24CDE195-283E-4318-A621-1BF04C767A06}] => (Allow) C:\Program Files\GNS3\gns3server.exe () [File not signed]
FirewallRules: [{9012649C-6825-4FC2-ACC4-95D64ACEA092}] => (Allow) C:\Program Files\GNS3\gns3server.exe () [File not signed]
FirewallRules: [{71819DF6-0CFA-45ED-A80D-2F867B3BB2D9}] => (Allow) C:\Program Files\GNS3\ubridge.exe () [File not signed]
FirewallRules: [{FB05FC84-2F7E-4182-8035-FB942643F695}] => (Allow) C:\Program Files\GNS3\ubridge.exe () [File not signed]
FirewallRules: [{A119C0DA-55C6-4852-B836-86D65833D20F}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [{58F456B6-F9F3-416F-B63D-8A439DDA68DA}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [{70C337D7-11E5-4284-A7C3-5D83DA871B71}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [{D516D2A6-69B8-412C-9D76-D6025C4907E4}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [{4F844E97-A294-4720-8FC2-AF7C43101F16}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe () [File not signed]
FirewallRules: [{5F9B7E6D-E553-4708-BB1F-7732A14B5990}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe () [File not signed]
FirewallRules: [{C284DEFA-E200-4760-AC21-CCEDA0EF9B25}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [{96219185-9930-4B47-B68A-B21B1E7790DB}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [{AC803BA4-E237-4C98-96AC-D25F0163C4F1}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [{10ECAB87-6982-4B6A-A8B6-7A7C5BA643C6}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [TCP Query User{6E4D85F1-C8C6-4620-A870-18CA39BB88AC}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
FirewallRules: [UDP Query User{ED6C8155-B5B1-4A28-85DE-000BB926D403}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
FirewallRules: [TCP Query User{6E338FED-6124-415E-8145-1444DC89A189}C:\program files (x86)\sysm\sysm.exe] => (Block) C:\program files (x86)\sysm\sysm.exe () [File not signed]
FirewallRules: [UDP Query User{6326A225-085B-4575-82C5-E293662194FE}C:\program files (x86)\sysm\sysm.exe] => (Block) C:\program files (x86)\sysm\sysm.exe () [File not signed]
FirewallRules: [TCP Query User{97E747F7-018B-4AC6-BCCE-7ACEAF9328A3}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
FirewallRules: [UDP Query User{38FDB1EF-6DD6-4E54-92F5-8871D9D8FD15}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
EmptyTemp:
Re: Slow PC
Attaching the Fix log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Michal (07-07-2019 21:19:11) Run:3
Running from C:\Users\Michal\Desktop\FRST
Loaded Profiles: Michal (Available Profiles: Michal)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {430392D6-18CD-4199-8851-CAB5407D6820} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {BC587310-D6AF-4510-A616-B3F7718A1E9F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
FF Extension: (No Name) - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\jo0mc75n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-21]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe" [X]
S3 cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
Shortcut: C:\Users\Michal\Desktop\programi\??zill? Fir?f??.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
AlternateDataStreams: C:\ProgramData\TEMP:15B79D44 [139]
AlternateDataStreams: C:\Users\Michal\Desktop\pot2.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Michal\Desktop\pot2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Michal\Desktop\potvrdenie.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Michal\Desktop\potvrdenie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{06885066-EAD1-4E28-9D0F-97443AF7424D}] => (Allow) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe No File
FirewallRules: [{FA2D92B7-6A10-4429-AB46-5DCD2D37CE86}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{24CDE195-283E-4318-A621-1BF04C767A06}] => (Allow) C:\Program Files\GNS3\gns3server.exe () [File not signed]
FirewallRules: [{9012649C-6825-4FC2-ACC4-95D64ACEA092}] => (Allow) C:\Program Files\GNS3\gns3server.exe () [File not signed]
FirewallRules: [{71819DF6-0CFA-45ED-A80D-2F867B3BB2D9}] => (Allow) C:\Program Files\GNS3\ubridge.exe () [File not signed]
FirewallRules: [{FB05FC84-2F7E-4182-8035-FB942643F695}] => (Allow) C:\Program Files\GNS3\ubridge.exe () [File not signed]
FirewallRules: [{A119C0DA-55C6-4852-B836-86D65833D20F}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [{58F456B6-F9F3-416F-B63D-8A439DDA68DA}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [{70C337D7-11E5-4284-A7C3-5D83DA871B71}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [{D516D2A6-69B8-412C-9D76-D6025C4907E4}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [{4F844E97-A294-4720-8FC2-AF7C43101F16}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe () [File not signed]
FirewallRules: [{5F9B7E6D-E553-4708-BB1F-7732A14B5990}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe () [File not signed]
FirewallRules: [{C284DEFA-E200-4760-AC21-CCEDA0EF9B25}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [{96219185-9930-4B47-B68A-B21B1E7790DB}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [{AC803BA4-E237-4C98-96AC-D25F0163C4F1}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [{10ECAB87-6982-4B6A-A8B6-7A7C5BA643C6}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [TCP Query User{6E4D85F1-C8C6-4620-A870-18CA39BB88AC}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
FirewallRules: [UDP Query User{ED6C8155-B5B1-4A28-85DE-000BB926D403}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
FirewallRules: [TCP Query User{6E338FED-6124-415E-8145-1444DC89A189}C:\program files (x86)\sysm\sysm.exe] => (Block) C:\program files (x86)\sysm\sysm.exe () [File not signed]
FirewallRules: [UDP Query User{6326A225-085B-4575-82C5-E293662194FE}C:\program files (x86)\sysm\sysm.exe] => (Block) C:\program files (x86)\sysm\sysm.exe () [File not signed]
FirewallRules: [TCP Query User{97E747F7-018B-4AC6-BCCE-7ACEAF9328A3}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
FirewallRules: [UDP Query User{38FDB1EF-6DD6-4E54-92F5-8871D9D8FD15}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
EmptyTemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{430392D6-18CD-4199-8851-CAB5407D6820}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{430392D6-18CD-4199-8851-CAB5407D6820}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC587310-D6AF-4510-A616-B3F7718A1E9F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC587310-D6AF-4510-A616-B3F7718A1E9F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\jo0mc75n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => moved successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => path removed successfully
HKLM\System\CurrentControlSet\Services\rpcapd => removed successfully
rpcapd => service removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz137 => removed successfully
cpuz137 => service removed successfully
HKLM\System\CurrentControlSet\Services\FreshIO => removed successfully
FreshIO => service removed successfully
"C:\Users\Michal\Desktop\programi\??zill? Fir?f??.lnk" => Could not move.
"C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk" => Could not move.
"C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk" => Could not move.
C:\ProgramData\TEMP => ":15B79D44" ADS removed successfully
C:\Users\Michal\Desktop\pot2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Michal\Desktop\pot2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Michal\Desktop\potvrdenie.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Michal\Desktop\potvrdenie.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06885066-EAD1-4E28-9D0F-97443AF7424D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA2D92B7-6A10-4429-AB46-5DCD2D37CE86}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24CDE195-283E-4318-A621-1BF04C767A06}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9012649C-6825-4FC2-ACC4-95D64ACEA092}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71819DF6-0CFA-45ED-A80D-2F867B3BB2D9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB05FC84-2F7E-4182-8035-FB942643F695}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A119C0DA-55C6-4852-B836-86D65833D20F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58F456B6-F9F3-416F-B63D-8A439DDA68DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70C337D7-11E5-4284-A7C3-5D83DA871B71}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D516D2A6-69B8-412C-9D76-D6025C4907E4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F844E97-A294-4720-8FC2-AF7C43101F16}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F9B7E6D-E553-4708-BB1F-7732A14B5990}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C284DEFA-E200-4760-AC21-CCEDA0EF9B25}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96219185-9930-4B47-B68A-B21B1E7790DB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC803BA4-E237-4C98-96AC-D25F0163C4F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10ECAB87-6982-4B6A-A8B6-7A7C5BA643C6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E4D85F1-C8C6-4620-A870-18CA39BB88AC}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{ED6C8155-B5B1-4A28-85DE-000BB926D403}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E338FED-6124-415E-8145-1444DC89A189}C:\program files (x86)\sysm\sysm.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6326A225-085B-4575-82C5-E293662194FE}C:\program files (x86)\sysm\sysm.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{97E747F7-018B-4AC6-BCCE-7ACEAF9328A3}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{38FDB1EF-6DD6-4E54-92F5-8871D9D8FD15}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8497462 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 7711514 B
Edge => 0 B
Chrome => 0 B
Firefox => 729548950 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Michal => 180321769 B
RecycleBin => 18089372 B
EmptyTemp: => 908.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 21:21:52 ====
Re: Slow PC
Run the previous script in Safe Mode.
► My new book BOTNETY is out! You can find information about it here: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
► Low-level, high-level programmer - profile card here: card <<
----
► Háveťárna - malware UPLOAD: >> upload <<
---
► If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor for research into intelligent malware.
- tutor in the SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.
On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit
-
- Visitor
- Posts: 69
- Registered: 19 Nov 2016 15:17
Re: Slow PC
I'm attaching the fixlog log
Fix result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Michal (11-07-2019 18:03:38) Run:4
Running from C:\Users\Michal\Desktop\FRST
Loaded Profiles: Michal (Available Profiles: Michal)
Boot Mode: Safe Mode (minimal)
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {430392D6-18CD-4199-8851-CAB5407D6820} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {BC587310-D6AF-4510-A616-B3F7718A1E9F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
FF Extension: (No Name) - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\jo0mc75n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-21]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe" [X]
S3 cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
Shortcut: C:\Users\Michal\Desktop\programi\??zill? Fir?f??.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
AlternateDataStreams: C:\ProgramData\TEMP:15B79D44 [139]
AlternateDataStreams: C:\Users\Michal\Desktop\pot2.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Michal\Desktop\pot2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Michal\Desktop\potvrdenie.jpeg:3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams: C:\Users\Michal\Desktop\potvrdenie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{06885066-EAD1-4E28-9D0F-97443AF7424D}] => (Allow) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe No File
FirewallRules: [{FA2D92B7-6A10-4429-AB46-5DCD2D37CE86}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{24CDE195-283E-4318-A621-1BF04C767A06}] => (Allow) C:\Program Files\GNS3\gns3server.exe () [File not signed]
FirewallRules: [{9012649C-6825-4FC2-ACC4-95D64ACEA092}] => (Allow) C:\Program Files\GNS3\gns3server.exe () [File not signed]
FirewallRules: [{71819DF6-0CFA-45ED-A80D-2F867B3BB2D9}] => (Allow) C:\Program Files\GNS3\ubridge.exe () [File not signed]
FirewallRules: [{FB05FC84-2F7E-4182-8035-FB942643F695}] => (Allow) C:\Program Files\GNS3\ubridge.exe () [File not signed]
FirewallRules: [{A119C0DA-55C6-4852-B836-86D65833D20F}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [{58F456B6-F9F3-416F-B63D-8A439DDA68DA}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe () [File not signed]
FirewallRules: [{70C337D7-11E5-4284-A7C3-5D83DA871B71}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [{D516D2A6-69B8-412C-9D76-D6025C4907E4}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe () [File not signed]
FirewallRules: [{4F844E97-A294-4720-8FC2-AF7C43101F16}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe () [File not signed]
FirewallRules: [{5F9B7E6D-E553-4708-BB1F-7732A14B5990}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe () [File not signed]
FirewallRules: [{C284DEFA-E200-4760-AC21-CCEDA0EF9B25}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [{96219185-9930-4B47-B68A-B21B1E7790DB}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [{AC803BA4-E237-4C98-96AC-D25F0163C4F1}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [{10ECAB87-6982-4B6A-A8B6-7A7C5BA643C6}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe (Stefan Weil -> hxxp://www.qemu.org/) [File not signed]
FirewallRules: [TCP Query User{6E4D85F1-C8C6-4620-A870-18CA39BB88AC}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
FirewallRules: [UDP Query User{ED6C8155-B5B1-4A28-85DE-000BB926D403}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
FirewallRules: [TCP Query User{6E338FED-6124-415E-8145-1444DC89A189}C:\program files (x86)\sysm\sysm.exe] => (Block) C:\program files (x86)\sysm\sysm.exe () [File not signed]
FirewallRules: [UDP Query User{6326A225-085B-4575-82C5-E293662194FE}C:\program files (x86)\sysm\sysm.exe] => (Block) C:\program files (x86)\sysm\sysm.exe () [File not signed]
FirewallRules: [TCP Query User{97E747F7-018B-4AC6-BCCE-7ACEAF9328A3}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
FirewallRules: [UDP Query User{38FDB1EF-6DD6-4E54-92F5-8871D9D8FD15}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe (Monitor) [File not signed]
EmptyTemp:
*****************
Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{430392D6-18CD-4199-8851-CAB5407D6820}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC587310-D6AF-4510-A616-B3F7718A1E9F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
"C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\jo0mc75n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi" => not found
"C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi" => not found
rpcapd => service not found.
WsDrvInst => service not found.
cpuz137 => service not found.
FreshIO => service not found.
"C:\Users\Michal\Desktop\programi\??zill? Fir?f??.lnk" => Could not move.
"C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk" => Could not move.
"C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk" => Could not move.
"C:\ProgramData\TEMP" => ":15B79D44" ADS not found.
"C:\Users\Michal\Desktop\pot2.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Michal\Desktop\pot2.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Users\Michal\Desktop\potvrdenie.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Michal\Desktop\potvrdenie.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06885066-EAD1-4E28-9D0F-97443AF7424D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA2D92B7-6A10-4429-AB46-5DCD2D37CE86}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24CDE195-283E-4318-A621-1BF04C767A06}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9012649C-6825-4FC2-ACC4-95D64ACEA092}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71819DF6-0CFA-45ED-A80D-2F867B3BB2D9}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB05FC84-2F7E-4182-8035-FB942643F695}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A119C0DA-55C6-4852-B836-86D65833D20F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58F456B6-F9F3-416F-B63D-8A439DDA68DA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70C337D7-11E5-4284-A7C3-5D83DA871B71}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D516D2A6-69B8-412C-9D76-D6025C4907E4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F844E97-A294-4720-8FC2-AF7C43101F16}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F9B7E6D-E553-4708-BB1F-7732A14B5990}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C284DEFA-E200-4760-AC21-CCEDA0EF9B25}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96219185-9930-4B47-B68A-B21B1E7790DB}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC803BA4-E237-4C98-96AC-D25F0163C4F1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10ECAB87-6982-4B6A-A8B6-7A7C5BA643C6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E4D85F1-C8C6-4620-A870-18CA39BB88AC}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{ED6C8155-B5B1-4A28-85DE-000BB926D403}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E338FED-6124-415E-8145-1444DC89A189}C:\program files (x86)\sysm\sysm.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6326A225-085B-4575-82C5-E293662194FE}C:\program files (x86)\sysm\sysm.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{97E747F7-018B-4AC6-BCCE-7ACEAF9328A3}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{38FDB1EF-6DD6-4E54-92F5-8871D9D8FD15}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15191559 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 400291 B
Edge => 0 B
Chrome => 0 B
Firefox => 174430084 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Michal => 541786 B
RecycleBin => 0 B
EmptyTemp: => 181.7 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 18:05:57 ====
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58F456B6-F9F3-416F-B63D-8A439DDA68DA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70C337D7-11E5-4284-A7C3-5D83DA871B71}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D516D2A6-69B8-412C-9D76-D6025C4907E4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F844E97-A294-4720-8FC2-AF7C43101F16}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F9B7E6D-E553-4708-BB1F-7732A14B5990}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C284DEFA-E200-4760-AC21-CCEDA0EF9B25}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96219185-9930-4B47-B68A-B21B1E7790DB}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC803BA4-E237-4C98-96AC-D25F0163C4F1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10ECAB87-6982-4B6A-A8B6-7A7C5BA643C6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E4D85F1-C8C6-4620-A870-18CA39BB88AC}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{ED6C8155-B5B1-4A28-85DE-000BB926D403}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E338FED-6124-415E-8145-1444DC89A189}C:\program files (x86)\sysm\sysm.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6326A225-085B-4575-82C5-E293662194FE}C:\program files (x86)\sysm\sysm.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{97E747F7-018B-4AC6-BCCE-7ACEAF9328A3}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{38FDB1EF-6DD6-4E54-92F5-8871D9D8FD15}C:\program files (x86)\sysm monitor\sysm-monitor.exe" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15191559 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 400291 B
Edge => 0 B
Chrome => 0 B
Firefox => 174430084 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Michal => 541786 B
RecycleBin => 0 B
EmptyTemp: => 181.7 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 18:05:57 ====
Re: Slow PC
Can you post new FRST + ADDITION logs here?
► My new book BOTNETY is out! You can find information about it here: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
► Low-level, high-level programmer - profile card here: card <<
----
► Háveťárna - malware UPLOAD: >> upload <<
---
► If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.
On the forum I serve as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit
- Visitor
- Posts: 69
- Registered: 19 Nov 2016 15:17
Re: Slow PC
Copy the content below into Notepad:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Shortcut: C:\Users\Michal\Desktop\programi\Моzillа Firеfох.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
FirewallRules: [{D0A2C70A-B9FA-4304-8C7E-1AE6865B092F}] => (Block) C:\Program Files\ESET\ESET Security\ekrn.exe No File
Save the Notepad file as fixlist.txt in the same location as FRST, choosing UTF-8 as the encoding (copy into Notepad -> File -> Save as -> Encoding: select UTF-8 -> Save).
Run FRST and click the Fix button.
A fix routine will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt saved in the FRST location.
- Visitor
- Posts: 69
- Registered: 19 Nov 2016 15:17
Re: Slow PC
I am attaching the fixlog, but the computer did not reboot after running the fixlist.
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Michal (21-07-2019 12:49:11) Run:6
Running from C:\Users\Michal\Desktop\FRST
Loaded Profiles: Michal (Available Profiles: Michal)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Shortcut: C:\Users\Michal\Desktop\programi\??zill? Fir?f??.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk -> C:\Program Files (x86)\HPTurtle\TurtleStarter.exe (No File) <==== Cyrillic
FirewallRules: [{D0A2C70A-B9FA-4304-8C7E-1AE6865B092F}] => (Block) C:\Program Files\ESET\ESET Security\ekrn.exe No File
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"C:\Users\Michal\Desktop\programi\??zill? Fir?f??.lnk" => Could not move.
"C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ???l?r?r.lnk" => Could not move.
"C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk" => Could not move.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0A2C70A-B9FA-4304-8C7E-1AE6865B092F}" => not found
==== End of Fixlog 12:49:18 ====
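The `<==== Cyrillic` flag on the shortcut lines and the `?` characters in the fixlog's copy of the fixlist can be reproduced with a short check. This is an added example, not part of the thread and not FRST's code; the code points of the lookalike letters and the cp1250 code page (a typical ANSI code page on a Slovak Windows install) are assumptions.

```python
import unicodedata

# The three shortcut names from the fixlist, written with \u escapes so the
# Cyrillic letters stay visible. The exact code points are an assumption: the
# usual Cyrillic lookalikes, placed where the fixlog shows '?'.
SPOOFED = [
    "\u041c\u043ezill\u0430 Fir\u0435f\u043e\u0445.lnk",
    "Int\u0435rn\u0435t \u0415\u0445\u0440l\u043er\u0435r.lnk",
    "Int\u0435rn\u0435t \u0415\u0445\u0440l\u043er\u0435r (N\u043e \u0410dd-\u043ens).lnk",
]

# Cyrillic letters that render like Latin ones (only those used above).
LOOKALIKES = str.maketrans({
    "\u041c": "M", "\u0415": "E", "\u0410": "A", "\u043e": "o",
    "\u0430": "a", "\u0435": "e", "\u0445": "x", "\u0440": "p",
})


def scripts_used(name):
    """Scripts of the letters in name, taken from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in name if ch.isalpha()}


def is_mixed_script(name):
    """True when Latin letters are mixed with letters of another script."""
    scripts = scripts_used(name)
    return "LATIN" in scripts and len(scripts) > 1


def skeleton(name):
    """Fold the lookalikes to Latin to show which name is being imitated."""
    return name.translate(LOOKALIKES)


def ansi_roundtrip(name, codepage="cp1250"):
    """What survives when the name is saved in a legacy single-byte code page."""
    return name.encode(codepage, errors="replace").decode(codepage)


def triage(names):
    """Return (name, imitated name, name after ANSI save) for mixed-script names."""
    return [(n, skeleton(n), ansi_roundtrip(n))
            for n in names if is_mixed_script(n)]


if __name__ == "__main__":
    for original, imitated, saved in triage(SPOOFED + ["Mozilla Firefox.lnk"]):
        print(f"{original!r} imitates {imitated!r}; ANSI save gives {saved!r}")
```

Once the Cyrillic letters have become `?`, the path in the fixlist no longer names the file on disk, which is consistent with the `Could not move.` results in the fixlog.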
Re: Slow PC
How is the computer doing?
- Visitor
- Posts: 69
- Registered: 19 Nov 2016 15:17
Re: Slow PC
It has sped up a little, but the browser is still in bad shape.